{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T08:57:05.679","vulnerabilities":[{"cve":{"id":"CVE-2022-21532","sourceIdentifier":"secalert_us@oracle.com","published":"2022-07-19T22:15:11.287","lastModified":"2024-11-21T06:44:53.960","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."},{"lang":"es","value":"Una vulnerabilidad en el producto JD Edwards EnterpriseOne Orchestrator de Oracle JD Edwards (componente: E1 IOT Orchestrator). Las versiones compatibles que están afectadas son 9.2.6.3 y anteriores. Una vulnerabilidad explotable fácilmente permite a un atacante poco privilegiado y acceso a la red por medio de HTTP comprometer a JD Edwards EnterpriseOne Orchestrator. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de JD Edwards EnterpriseOne Orchestrator. CVSS 3.1, Puntuación Base 4.3 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*","versionEndIncluding":"9.2.6.3","matchCriteriaId":"6A879BA9-0224-40A0-B2D5-8871E9A90735"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}